Privacy
Big Brother is Watching
http://www.technovelgy.com/ct/content.asp?Bnum=629
In 1984
http://www.technovelgy.com/ct/Science-Fiction-News.asp?NewsNum=610
Kinect
• Cameras track motion
• Voice recognition
• Voice tracking
• An add-on to the Xbox.
• But when games go into the cloud?
Spying on Your Rubbish
http://www.dailymail.co.uk/news/article-1255565/Spy-chips-hidden-2-5-
million-dustbins-council-snoopers-plan-pay-throw-tax.html
Pizza
http://www.aclu.org/pizza/
The Clock
A scary example from the ACLU:
http://www.aclu.org/blog/techn
ology-and-liberty/maryland-
suspends-facebook-password-
policy-job-interviews
http://www.aclu.org/privacy/spying/surveillancesocietyclock.html
An Object of Mass Obsession
Allison Stokke
Protecting Privacy Requires Tech Savvy
http://www.youtube.com/watch?v=N2vARzvWxwY
A Different
Threat -
RFIDs
Toll Tags
http://www.utexas.edu/features/2010/08/09/locational_privacy/
More RFIDs
An RFID chip used by
Walmart
With a barcode on the back
Tags used in libraries
Tracking Passports
US Passport Service Guide
But what can the bad guys do?
Tracking Other Things
http://www.cbc.ca/news/technology/story/2010/05/31/f-rfid-credit-cards-
security-concerns.html
http://www.youtube.com/watch?v=vmajlKJlT3U
Doing it with Cell Phones
• You go to the hospital and are diagnosed with H1N1.
On the Other Hand
The New Yorker, page 61, July 5, 1993
… And on the Subject of Phones
Is Privacy Still Possible?
• Google “Monica Lewinsky”
• Yahoo “Monica Lewinsky”
Policy Vacuums and Privacy
“The intensity and complexity of life, attendant upon advancing
civilization, have rendered necessary some retreat from the
world, and man, under the refining influence of culture, has
become more sensitive to publicity, so that solitude and privacy
have become more essential to the individual; but modern
enterprise and invention have, through invasions upon his
privacy, subjected him to mental pain and distress, far greater
than could be inflicted by mere bodily injury.”
Who said this when?
What is Privacy?
It’s about access:
• To my physical person
• To information about me and my life
Definitions:
• The right to be let alone [Warren and Brandeis, 1890]
Policy Vacuums and Privacy
Samuel Warren’s problem: The Boston tabloid press liked
printing lurid details of the lives of the Boston upper crust.
The existing laws:
• Laws against libel and slander.
• Property law, which, for example, prevents someone from
coming in to your house to see who’s there or check out your
bank statement.
The technology that created the problem:
•Widely circulated newspapers.
•Cameras.
Leave Me Alone: Today
Telemarketing
The National Do Not Call Registry took effect in
October, 2003.
Leave Me Alone: Today
Spam
Technology attacks technology: reverse engineering
spam generation templates:
http://www.newscientist.com/article/mg20527446.000-to-beat-
spam-turn-its-own-weapons-against-it.html
What is Privacy?
It’s about access:
• To my physical person
• To information about me and my life
Definitions:
• The right to be let alone [Warren and Brandeis, 1890]
• The right to control my “zone of inaccessibility”
Why Protect Privacy?
• It is a prudential right.
• A utilitarian argument:
What Can Happen When We Don’t
What Can Happen When We Don’t
http://news.yahoo.com/s/ap/20110420/ap_on_re_us/us_rutgers_suicide
No Need to Throw it Out
• Used to throw out records because:
• Needed the space
• It was possible
• Now we don’t because:
• Bits take up very little space
• It’s hard in databases
When No Knew it Was Even Stored
The End of Forgetting
In 2006, Stacy Snyder, then a
25-year-old student teacher in
Lancaster, Pa., posted this
photo on her MySpace page,
with the caption “Drunken
Pirate.” Days before Snyder’s
scheduled graduation, the
university denied her a teaching
degree. Snyder sued, arguing
that the university had violated
her First Amendment rights by
penalizing her for her (perfectly
legal) after-hours behavior. But
in 2008, a federal district judge
rejected the claim, saying that
because Snyder was a public
employee whose photo didn’t
relate to matters of public
concern, her “Drunken Pirate”
post was not protected speech.
Is Forgetting Important?
The Internet Archive
http://www.archive.org/index.php
The Library of Congress
Does It Work?
Can they:
• Find sites that mention you or your company?
• Remove bad reviews from 3rd party websites?
• Create positive reviews and get them ranked highly
on Google?
http://www.scam.com/showthread.php?p=939828
Does It Work?
Could they fool you by:
• Creating bad blog posts about you right before they
send you a marketing blur. Then they can ….
http://www.scam.com/showthread.php?p=939828
Why Not?
• Security:
• Terrorists and just plain criminals
Why Not?
Why Not?
• Security:
• Terrorists and just plain criminals
National Crime Information Center (NCIC)
SentryLink
Why Not?
• Security:
• Terrorists and just plain criminals
Companies behaving badly – the fallout from Enron
Sarbanes - Oxley
• Passed in 2002.
• Requires public companies to retain business
records, including emails, for 5 years.
Why Not?
• Security:
• Terrorists and just plain criminals
People convicted of sex crimes
Why Not?
• Security:
• Terrorists and just plain criminals
But aren’t many of us “criminals”?
Why Not?
• Security:
• Terrorists and just plain criminals
• Dealing with strangers
“A society of strangers is one of
immense personal privacy.
Surveillance is the cost of that
privacy.”
To the Extreme
Why Not?
• Security:
• Terrorists and just plain criminals
• Dealing with strangers
• Special protection for children
RFID in California
RFID in England
RFID in college
Why Not?
• Security:
• Terrorists and just plain criminals
• Dealing with strangers
• Special protection for children
• Accidents and disasters
Why Not?
• Security:
• Terrorists and just plain criminals
• Dealing with strangers
• Special protection for children
• Accidents and disasters
Car Black Boxes
Damned Interesting
More Information
Leveling the Playing Field
April, 2007: N.J. governor Jon Corzine’s SUV was
travelling 91 mph before it crashed.
And Now for My Car
http://www.cbsnews.com/stories/2010/03/22/business/main6323252.shtml
As with All New Technology
The legal challenge from the side that doesn’t like the
answer:
Bachman vs. General Motors
Danielle Bachman, driving a 1996 Chevy Cavalier, crossed the median
and hit a delivery van head-on. She and her mother sued GM, claiming
that the crash was caused by her airbag inflating. They tried to prevent
GM from presenting EDR data. GM requested a Frye hearing and won.
The Frye Rule
"Just when a scientific principle or discovery crosses the
line between the experimental and demonstrable stage is
difficult to define. Somewhere in this twilight zone the
evidential force of the principle must be recognized, and
while the courts will go a long way in admitting expert
testimony deduced from a well-reasoned scientific
principle or discovery, the thing from which the deduction
is made must be sufficiently established to have gained
general acceptance in the particular field in which it
belongs."
Frye v United States, 1923, Court of Appeals, the District of Columbia.
Rule 702
The Federal Rules of Evidence (1975)
Rule 702. Testimony by Experts
If scientific, technical, or other specialized knowledge will
assist the trier of fact to understand the evidence or to
determine a fact in issue, a witness qualified as an expert by
knowledge, skill, experience, training, or education, may
testify thereto in the form of an opinion or otherwise, if (1)
the testimony is based upon sufficient facts or data, (2) the
testimony is the product of reliable principles and methods,
and (3) the witness has applied the principles and methods
reliably to the facts of the case.
Daubert v. Merrell Dow
Parents sue Dow claiming birth defects caused by Bendectin.
The District Court granted Dow a summary judgment based on a well-
credentialed expert's affidavit saying that maternal use of Bendectin has not
been shown to be a risk factor for human birth defects. Although parents had
responded with the testimony of eight other well-credentialed experts, who based
their conclusion that Bendectin can cause birth defects on animal studies,
chemical structure analyses, and the unpublished “reanalysis” of previously
published human statistical studies, the court determined that this evidence did
not meet the applicable “general acceptance”' standard for the admission of
expert testimony.
The Court of Appeals agreed, citing Frye, for the rule that expert opinion based
on a scientific technique is inadmissible unless the technique is “generally
accepted”' as reliable in the relevant scientific community.
The US Supreme Court reversed that ruling and held that the Federal Rules of
Evidence, not Frye, provide the standard for admitting expert scientific testimony
in a federal trial.
Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579 (1993)
From the Daubert Decision
Things a judge should consider:
1. Whether the scientific theory or technique can be and
has been tested;
2. Whether it has been subject to publication and/or peer
review;
3. The known or potential rate of error:
4. The existence and maintenance of standards
controlling the technique's operation; and
5. General acceptance in the scientific community.
Why Not Protect Privacy?
• Security
• White men’s clubs
• The lives of “public figures”
• Free speech (Warren & Brandeis, again)
• Medical research
• Better service
Why Not Protect Privacy?
• When the data protect you
• The case of Reade Seligmann
Why Not Protect Privacy?
• When the data protect you
• The case of Reade Seligmann (April, 2006)
12:02 AM Time stamped photo shows alleged victim dancing
12:24 AM Seligmann’s ATM card used
12:25 AM Seligmann’s cell phone used
12:46 AM Seligmann’s prox card used to enter his dorm
Why Not Protect Privacy?
• When the data protect you
• Colorado v. Cain
A man accused of vehicular homicide was acquitted
when the EDR in his car showed he was not speeding
at the time of the accident.
How Much Is There?
Biometrics – Technology Reduces
Privacy
• Super Bowl 2001
• Biometrics today
Face recognition
http://www.sciencedirect.com.ezproxy.lib.utexas.edu/science/journal/0
9694765
Digital Cash – Technology Returns It
• Cash is anonymous
• Credit card transactions aren’t.
• Digital cash
What Information Is Where?
Public
Information
Personal
Information Public
Records
Proprietary
Information
Disclosure: Voluntary, Involuntary, Statutory
A Statutory Example
The Federal Election Campaign Act
www.fec.gov
The Expectation of Privacy
One idea: Privacy is important when someone has the
expectation that it exists.
• The expectation exists:
• The expectation doesn’t exist:
But what’s wrong with this criterion?